82 matches found
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: net: fixed an integer overflow issue related to the geneveopt structure. The struct geneveopt uses 5 bits for each individual option. This means that each option’s size should be less than 128 bytes. However, current Netlink...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel before version 5.8. The lib/nlattr.c file allows attackers to cause a denial of service unbounded recursion through a nested Netlink policy with a back reference...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: net: genl: Fixed a memory leak in the error path during policy dumping. If the construction of the policy array fails when recording non-first policies, we need to unwind the situation. The netlinkpolicydumpaddpolicy function...
Astra Linux - уязвимость в linux-5.10, linux-6.1
In the Linux kernel, the following vulnerabilities have been resolved: netlink: added nla be16/32 types to the minlen array. BUGs: KMSAN: uninit-value in nlavalidaterangeunsigned, lib/nlattr.c:222 inline. BUGs: KMSAN: uninit-value in nlavalidateintrange, lib/nlattr.c:336 inline. BUGs: KMSAN:...
Astra Linux - уязвимость в linux-5.10, linux
In the Linux kernel, the following vulnerability has been resolved: net/sched: actmpls: Fixed the warning during failed attribute validation The 'TCAMPLSLABEL' attribute is of 'NLAU32' type, but has a validation type of 'NLAVALIDATEFUNCTION'. This is an invalid combination according to the commen...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: macvlan: The forgotten nlapolicy has been added for IFLAMACVLANBCCUTOFF. The previous commit 954d1fa1ac93, titled “macvlan: Add netlink attribute for broadcast cutoff”, added an additional attribute named IFLAMACVLANBCCUTOFF to...
OESA-2026-2235 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: add missing netlink policy validations Hyunwoo Kim reports out-of-bounds access in sctp and ctnetlink. These attributes are used by the...
netfilter: ctnetlink: use netlink policy range checks
...
SUSE CVE-2026-31495
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use netlink policy range checks Replace manual range and mask validations with netlink policy annotations in ctnetlink code paths, so that the netlink core rejects invalid values early and can generate extac...
EUVD-2026-24867
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use netlink policy range checks Replace manual range and mask validations with netlink policy annotations in ctnetlink code paths, so that the netlink core rejects invalid values early and can generate extac...
CVE-2026-31495
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use netlink policy range checks Replace manual range and mask validations with netlink policy annotations in ctnetlink code paths, so that the netlink core rejects invalid values early and can generate extac...
CVE-2026-31495
The CVE-2026-31495 entry concerns the Linux kernel’s netfilter ctnetlink path. The issue stems from missing netlink policy range checks, allowing invalid values to slip through due to manual range validation in CTA_PROTOINFO_TCP_STATE, WSCALE, and related flags. The documented impact notes that c...
CVE-2026-31495 netfilter: ctnetlink: use netlink policy range checks
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: use netlink policy range checks Replace manual range and mask validations with netlink policy annotations in ctnetlink code paths, so that the netlink core rejects invalid values early and can generate extac...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of a netlink policy scope check in ctnetlink. This vulnerability may lead to undefined behavio...
PT-2026-34400
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the netfilter ctnetlink component where manual range and mask validations are used instead of netlink policy annotations. This can lead to undefined behavior when the...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007273)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007273 advisory. In the Linux kernel, the following vulnerability has been resolved: net: fix geneveopt length integer overflow struct geneveopt uses 5 bit length for each single...
SUSE CVE-2026-31420
In the Linux kernel, the following vulnerability has been resolved: bridge: mrp: reject zero test interval to avoid OOM panic brmrpstarttest and brmrpstartintest accept the user-supplied interval value from netlink without validation. When interval is 0, usecstojiffies0 yields 0, causing the...
EUVD-2026-21944
In the Linux kernel, the following vulnerability has been resolved: bridge: mrp: reject zero test interval to avoid OOM panic brmrpstarttest and brmrpstartintest accept the user-supplied interval value from netlink without validation. When interval is 0, usecstojiffies0 yields 0, causing the...
CVE-2026-31420 bridge: mrp: reject zero test interval to avoid OOM panic
In the Linux kernel, the following vulnerability has been resolved: bridge: mrp: reject zero test interval to avoid OOM panic brmrpstarttest and brmrpstartintest accept the user-supplied interval value from netlink without validation. When interval is 0, usecstojiffies0 yields 0, causing the...
netfilter: conntrack: add missing netlink policy validations
...